Using the SCAS

From PDP/Grid Wiki
Revision as of 16:23, 5 February 2010 by Okoeroo@nikhef.nl (talk | contribs)
Jump to navigationJump to search

The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and gLExec all share the LCMAPS framework as their mapping back-end. It can be configured to use the SCAS client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue.


Installation

Add the scas-client plugin to the set of RPMs on your machine, and configure the SCAS client by editing the lcmaps.db file on your system.

Configuration

Note: The following example assumes a verify_proxy and posix_enf plug-in to be configured.

Configure the LCMAPS You would add to /opt/glite/etc/lcmaps/lcmaps-glexec.db:

scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"

and the following policy execution flow at the end:

# policies
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf